Daily Internet users should be familiar with the concept of cybersecurity. Cybersecurity practices are mostly focused on businesses rather than individuals, pushing them to do cybersecurity risk assessments (such as penetration testing) to verify the organization’s ability to safeguard its data and information systems against cyber threats.
However, it also serves as a useful reminder to individuals to check their own cybersecurity and do their own risk assessment, allowing us to offer advice to less-tech-savvy friends and family.
Here is a checklist you can provide to your less tech-savvy friends, as many of the processes that appear simple to us may not be to them.
Cybersecurity Awareness #1 : Passwords
The most crucial step is to use unique passwords for every website, application, and service. A frightening percentage of users reuse passwords, which means their security is only as good as the least secure service they use. When hackers obtain login credentials for any service, they immediately test them on a variety of prominent services, from Apple to Facebook, to determine if they work.
Strong passwords should also be used. Never use dictionary terms or information that would be obvious to anyone who knows you. This includes having capital letters, numbers, symbols and a basic length of 8 characters should be considered into creating a strong password.
A password manager is the only method to have strong, unique passwords for every website. Password manager ease our life by storing our complicated passwords in one (1) place. There are a few security features for Mac that are very useful like Safari’s built-in password manager is adequate, but 1Password, LastPass, Bitwarden are two popular subscription services.
Cybersecurity Awareness #2 : Security Questions
Many websites have ineffective security questions, requesting information that is easily accessible to anyone who knows you. If they ask about your birthplace, first car, and first pet, etc., you should consider designing your own system for answering these questions. For instance, you may utilise the first letter of the question to name a favourite book or film whose title begins with the same letter.
Be wary of social media posts that request duplicate information. Many posts ask you to describe your first car, pet, etc. These assaults are not typically targeted, but they are intended to help hackers compile a dictionary of common responses to these queries.
Cybersecurity Awareness #3 : Two-Factory Authentication (2FA)
Always utilise two-factor authentication whenever it is available. This means that even if your password is compromised, no one will be able to log in.
Note that text messages are a very weak type of two-factor authentication. SIM assaults and network intrusions can easily undermine security, therefore if you have a choice of communication methods, you should never use SMS. It is preferable to utilise authenticator apps.
Fortunately, iOS 15 makes this simple for Apple customers, as the feature is now built-in. Navigate to Settings > Passwords > Sitename> > Add. Establish a Verification Code. Google Authenticator is a second popular choice (iOS and Android).
Source : Malwarebytes
Cybersecurity Awareness #4 : Phishing
By providing you a link to a bogus website, phishing is the process of attempting to obtain your login information. Typically, there will be an email alleging that there is a problem with your bank account, Apple ID, PayPal, email service, etc. Sending you a receipt for an expensive purchase with a link to dispute it is a common tactic.
The most important precaution is to never click on links in emails. Use your own bookmarks or enter a known URL at all times.
Emails sent by the spammers or scammers usually come with a very attractive title to lure us into clicking the email. Once you have clicked in, DO NOT DOWNLOAD ANY ATTACHMENT from the email. You should Check the email address. It is usually from 12iuw@lyuhij.com pretending to be someone. Delete that email right away.
Cybersecurity Awareness #5 : Bank Payments
When you receive an email or text message purporting to be from a company you use, this is a prevalent form of fraud. Future payments should be made to a separate account, as indicated by the notice. Never take action without first calling a known company contact.
A variation on this is when the message (or, more frequently, the phone call) claims to be from your bank and states that your account has been compromised and funds must be transferred to a new account. A bank would never act in this manner, so you should always disregard this.
I personally download applications my phone like TrueCaller (iOS) to help me identify who are the callers to your phone. This app works like a community app where if someone identifies a SPAM caller, they will flag it and it will be updated in TrueCaller’s database and it will be available to everyone.
Cybersecurity Awareness #6 : Virtual Private Network (VPN)
Accessing sensitive websites such as ebanking on a public Wi-Fi network is discouraged; nonetheless, a VPN subscription is strongly suggested if you frequently use Wi-Fi hotspots. This encrypts all of your data, so even if it is intercepted by a man-in-the-middle attack, the hacker will not be able to view your login credentials or any other sensitive information you send or receive.
What are your personal tips for cybersecurity? Please post them in the comments section.
Image Source : Unsplash / Kevin Ku